Changeset 2380


Timestamp:
Dec 17, 2008 2:28:18 PM (12 years ago)
Author:
bennylp
Message:

Ticket 684: protect the memory allocation for TX packet with try/catch, and fixed various transmit data buffer leaks when transmission fails immediately

Location:
pjproject/trunk
Files:
6 edited

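--- a/pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app.c
+++ b/pjproject/trunk/pjsip-apps/src/pjsua/pjsua_app.c
@@ -2188,4 +2188,7 @@
     ring_start(call_id);
 
+    if (current_call==PJSUA_INVALID_ID)
+        current_call = call_id;
+
     if (app_config.auto_answer > 0) {
         pjsua_call_answer(call_id, app_config.auto_answer, NULL, NULL);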
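Review bot: The added `if (current_call==PJSUA_INVALID_ID)` at new line 2190 has an unbraced body, unlike the `if (app_config.auto_answer > 0) {` that follows it. Bracing it, `if (current_call == PJSUA_INVALID_ID) { current_call = call_id; }`, keeps a later second statement from silently falling outside the condition. The enclosing function starts and ends outside the hunk.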
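--- a/pjproject/trunk/pjsip/src/pjsip-ua/sip_inv.c
+++ b/pjproject/trunk/pjsip/src/pjsip-ua/sip_inv.c
@@ -2815,4 +2815,9 @@
                     inv_set_state(inv, PJSIP_INV_STATE_EARLY, e);
                 break;
+            case PJSIP_TSX_STATE_TERMINATED:
+                /* there is a failure in sending response. */
+                inv_set_cause(inv, tsx->status_code, &tsx->status_text);
+                inv_set_state(inv, PJSIP_INV_STATE_DISCONNECTED, e);
+                break;
             default:
                 inv_on_state_incoming(inv, e);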
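Review bot: The new `PJSIP_TSX_STATE_TERMINATED` case takes the disconnect cause straight from `tsx->status_code`, and its comment assumes the transaction can only reach TERMINATED here because sending the response failed. Nothing in the visible lines checks that the code is a failure code, so if the transaction terminates for another reason the session would be disconnected with whatever code the transaction last carried. I would state the assumption in the comment, e.g. `/* There is a failure in sending response; tsx->status_code is expected to hold the resulting error code. */`, or back it with an assertion. The enclosing switch and function start outside the hunk.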
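--- a/pjproject/trunk/pjsip/src/pjsip/sip_dialog.c
+++ b/pjproject/trunk/pjsip/src/pjsip/sip_dialog.c
@@ -541,4 +541,5 @@
     if (tsx) {
         pjsip_tsx_terminate(tsx, 500);
+        pj_assert(dlg->tsx_count>0);
         --dlg->tsx_count;
     }
@@ -1412,4 +1413,12 @@
     /* Ask transaction to send the response */
     status = pjsip_tsx_send_msg(tsx, tdata);
+
+    /* This function must decrement transmit data request counter
+     * regardless of the operation status. The transaction only
+     * decrements the counter if the operation is successful.
+     */
+    if (status != PJ_SUCCESS) {
+        pjsip_tx_data_dec_ref(tdata);
+    }
 
     pjsip_dlg_dec_lock(dlg);
@@ -1899,5 +1908,12 @@
 
 
-    if (tsx->state == PJSIP_TSX_STATE_TERMINATED) {
+    /* It is possible that the transaction is terminated and this function
+     * is called while we're calling on_tsx_state(). So only decrement
+     * the tsx_count if we're still attached to the transaction.
+     */
+    if (tsx->state == PJSIP_TSX_STATE_TERMINATED &&
+        tsx->mod_data[dlg->ua->id] == dlg)
+    {
+        pj_assert(dlg->tsx_count>0);
         --dlg->tsx_count;
         tsx->mod_data[dlg->ua->id] = NULL;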
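Review bot: The two added `pj_assert(dlg->tsx_count>0)` checks (new lines 543 and 1917) only guard the decrement in builds where assertions are enabled; where pj_assert is compiled out, `--dlg->tsx_count` can still drop below zero or wrap. Since this commit is about unbalanced counting on failure paths, a runtime guard next to the assert is worth having, e.g. `if (dlg->tsx_count > 0) --dlg->tsx_count;`. The type of tsx_count and the code that reads it are outside the hunks, so the effect of an underflow is inferred, but a miscounted dialog reference typically ends in a premature or a missing destroy. The enclosing functions start and end outside the hunks.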
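--- a/pjproject/trunk/pjsip/src/pjsip/sip_transport.c
+++ b/pjproject/trunk/pjsip/src/pjsip/sip_transport.c
@@ -569,6 +569,15 @@
     /* Allocate buffer if necessary. */
     if (tdata->buf.start == NULL) {
-        tdata->buf.start = (char*)
-                           pj_pool_alloc( tdata->pool, PJSIP_MAX_PKT_LEN);
+        PJ_USE_EXCEPTION;
+
+        PJ_TRY {
+            tdata->buf.start = (char*)
+                               pj_pool_alloc(tdata->pool, PJSIP_MAX_PKT_LEN);
+        }
+        PJ_CATCH_ANY {
+            return PJ_ENOMEM;
+        }
+        PJ_END
+
         tdata->buf.cur = tdata->buf.start;
         tdata->buf.end = tdata->buf.start + PJSIP_MAX_PKT_LEN;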
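Review bot: The result of `pj_pool_alloc()` is still used unchecked after `PJ_END`: the new PJ_TRY block covers a pool that raises an exception, but if the pool's out-of-memory callback returns instead of throwing, the call yields NULL and `buf.cur`/`buf.end` are then derived from a NULL `buf.start`. Adding `if (tdata->buf.start == NULL) return PJ_ENOMEM;` right after `PJ_END` closes that gap. Whether a non-throwing pool policy is used with this code is not visible from here. The enclosing function starts and ends outside the hunk, so I cannot see whether anything has to be released before the new early return.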
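--- a/pjproject/trunk/pjsip/src/pjsip/sip_util.c
+++ b/pjproject/trunk/pjsip/src/pjsip/sip_util.c
@@ -1674,6 +1674,10 @@
     /* Send! */
     status = pjsip_endpt_send_response( endpt, &res_addr, tdata, NULL, NULL );
-
-    return status;
+    if (status != PJ_SUCCESS) {
+        pjsip_tx_data_dec_ref(tdata);
+        return status;
+    }
+
+    return PJ_SUCCESS;
 }
 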
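Review bot: The added `pjsip_tx_data_dec_ref(tdata)` on the failure path (new line 1677) is only correct if `pjsip_endpt_send_response()` never releases `tdata` itself when it fails; otherwise this becomes a double release. That contract is not visible in the hunk, so it should be written next to the call, e.g. `/* send_response() keeps our reference when it fails immediately, so release it here */`. Where tdata is created is above the hunk; if it is handed in by the caller, the function's documentation also needs to say that tdata is consumed on failure so callers do not release it again.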
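--- a/pjproject/trunk/pjsip/src/pjsua-lib/pjsua_call.c
+++ b/pjproject/trunk/pjsip/src/pjsua-lib/pjsua_call.c
@@ -910,10 +910,4 @@
     }
 
-    /* Create and attach pjsua_var data to the dialog: */
-    call->inv = inv;
-
-    dlg->mod_data[pjsua_var.mod.id] = call;
-    inv->mod_data[pjsua_var.mod.id] = call;
-
     /* If account is locked to specific transport, then lock dialog
      * to this transport too.
@@ -926,5 +920,11 @@
     }
 
-    /* Must answer with some response to initial INVITE.
+    /* Must answer with some response to initial INVITE. We'll do this before
+     * attaching the call to the invite session/dialog, so that the application
+     * will not get notification about this event (on another scenario, it is
+     * also possible that inv_send_msg() fails and causes the invite session to
+     * be disconnected. If we have the call attached at this time, this will
+     * cause the disconnection callback to be called before on_incoming_call()
+     * callback is called, which is not right).
      */
     status = pjsip_inv_initial_answer(inv, rdata,
@@ -944,6 +944,14 @@
         if (status != PJ_SUCCESS) {
             pjsua_perror(THIS_FILE, "Unable to send 100 response", status);
-        }
-    }
+            PJSUA_UNLOCK();
+            return PJ_TRUE;
+        }
+    }
+
+    /* Create and attach pjsua_var data to the dialog: */
+    call->inv = inv;
+
+    dlg->mod_data[pjsua_var.mod.id] = call;
+    inv->mod_data[pjsua_var.mod.id] = call;
 
     ++pjsua_var.call_cnt;
@@ -3726,7 +3734,14 @@
                                             pjsip_event *e)
 {
-    pjsua_call *call = (pjsua_call*) inv->dlg->mod_data[pjsua_var.mod.id];
+    pjsua_call *call;
 
     PJSUA_LOCK();
+
+    call = (pjsua_call*) inv->dlg->mod_data[pjsua_var.mod.id];
+
+    if (call == NULL) {
+        PJSUA_UNLOCK();
+        return;
+    }
 
     /* Notify application callback first */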
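Review bot: The new early exit at lines 946-947 (`PJSUA_UNLOCK(); return PJ_TRUE;`) leaves the function before the call is attached to the dialog and before `++pjsua_var.call_cnt`, and no cleanup of the `call` slot or of the invite session is visible on that path. Together with the new `call == NULL` guard in the state callback (lines 3742-3745), the later disconnect event is dropped silently, so anything reserved for this call before line 944 has to be released at the early return. That setup is outside the hunk, so please confirm it is undone there or add the release before returning. A short comment on the guard, e.g. `/* call is not attached yet if the initial answer failed */`, would also tell readers why NULL is expected.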